OP 11 July, 2024 - 12:34 AM
In this guide i will teach/give you resources on how to be anonymous on the internet and what mistakes to avoid when regarding OpSec.
I won't be going into details that much because this guide is not for beginners really and i expect that you already have some knowledge.
The guide will be separated in multiple parts:
Rules (Rules regarding OpSec and its purpose.)
Software (System hardening, Applications, Security...)
Hardware (What to do with certain devices.)
Real life (What not to talk about, how to handle certain situations.)
OpSec fails and improvement (What should you avoid and how to make your OpSec be always fresh and good.)
Rules
- The most important rule of this guide and the reason why are we all here, it's not getting caught, there is feds on every corner, and they also might not be the biggest problem since there are also people that want you locked up for certain things you do. So we need to make ourselve's as anonymous as we can.
-Not leaving traces is one of the most important rules regarding OpSec because the smallest mistake can get you fucked up. There is a bunch of examples like a drug dealer that got caught by the police because his hand was shown in pictures of him holding drugs and they copied his fingerprints from the pictures, and it was show that it matched someone, and they raided him and found illegal goods.
-Do not trust anyone online. You do not know who are you talking to, what is their intention on talking to you.
-Do not trust applications/services you use. You can't really trust your VPN since you don't know for a fact that they don't store logs, snitch to the cops, collect your data... This also applies for everything else.
Software
Operating System - as host os i would only recommend Quebes OS and nothing else, it will take you time getting used to it. It is important to use different disposable vm's for different types of things for example: one for e-mail, second one for PGP, third one for browsing... Also it requires a good PC/laptop. Quebes is already hardened enough so it doesnt need any additional work on it. Now for using the DN i would only go with Whonix OS on a VM. On your Whonix OS you will only have the TOR browser and you wont use Whonix for anything else but TOR. You can also harden Whonix OS gateway & workstation additionaly, check these resources out:
https://www.whonix.org/wiki/System_Hardening_Checklist
https://www.kicksecure.com/wiki/Linux_Ke...Guard_LKRG
https://www.kicksecure.com/wiki/Operatin..._Hardening
Applications - When it comes to applications i recommend that you dont have anything you dont need on your machine especially if its not an official application. You should avoid applications that collect your data like game launchers, Microsoft software... Keep it as minimal as possible. When downloading applications try to make it without any traces back to you. Here are some applications i would reccomend and what are they used for:
Mulvad VPN is the best vpn on the market and they dont keep any logs of Ip's. You should only pay with XMR for your monero account and when using it never use the same servers twice in a short time of period always cycle them every session, but never connect to VPN -> TOR but only TOR -> VPN.
VeraCrypt is a great encryption tool for fulldisk encryption, usb encryption or making secret encrypted folders. Always use diffrent passwords for your volumes.
Kleopatra - PGP encryption.
BleachBit is a great tool for clearing logs from your pc and applications you used, i clean my pc with bleachbit every month.
Logins - People make lots of mistakes when it comes to making and using their accounts and how they use them and what for. You should NEVER make accounts that require any type of KYC with your personal info, it should always be something that doesnt tie with your real identity. Always use diffrent usernames and passwords and if you can dont use emails and phone numbers.
Wallets - Always use monero, MoneroGUIwallet is good but dont keep it on your pc somewhere but use it on a encrypted usb. If you need to use Bitcoin use it on whonix on a electrum wallet that comes with Whonix and sell it then for monero on some non kyc exchange.
Browser - On your host os you should only use TOR with no JS, noScript extension and block all requests for accessing your camera, microphone, location...
DNS - I suggest using Quad9 dns domain.
MAC & PC NAME - Randomize your mac address and pc name on every boot so its not easy to track back to you.
Email - I suggest you use selfhosted domains that you run on your own server but not everyone can do that, at that moment i would only suggest disroot or cock.li. Before there used to be so much more good encrypted emails but they've shutdown because of problems with police, death threats, bankruptcy...
Internet connection - Its the best if you could use internet connection from a caffe or something similar and make sure there is no CCTV filming you operating on the DN or similar. If there is too much risk on using internet from a caffe then use your own one and you will most likely be fine just dont make yourself a mindset like what can happened if i only once enter DN with no protection, a lot of people got caught that way.
Do not use Fullscreen on your browser, your time zone on your pc, your keyboard language layout.
Check this guide out for online anonymity it covers everything you need to know - https://anonymousplanet.org/guide.html
Phone - Most of us use phones and they are the biggest spyware ever, they know everything about us. Thats why we should buy a pixel phone and install graphene OS on it. Graphene OS ofc is not perfect and we need to do a little bit more safety precautions when using it. Changing your IMEI is crucial because it can tie to your location. Randomizing our MAC address every time we use internet. Put your phone into Airplane mode when not in use. Disable 2g & 5g. Never insert a SIM card. Connect to a Quad9 DNS. For a burner phone get a brick phone without a camera and access to internet and Bluetooth and insert a prepaid sim card in it and use it only when in need to.
Hardware
Laptop - When you buy a new laptop it is the best to manually yourself cut microphone and camera wires. You should have 2 laptops, one for your daily use and one for DN.
USB - Encrypt all your usb's you have, its also a good thing to have lots of encrypted usb's because LE will waste much time decrypting every single one of them if you OfCourse do not reuse passwords.
Phone - For burner phones do the same thing like with laptops, remove chips for microphone and camera. If you need to use the microphone just insert some handphones.
Real life
Dont talk too much - The worst thing you can do is talk too much and snitch on yourself unintentionally. Ways you can avoid this is not brag and dont mention DN. If someone asks you what do you do for a living make shit up you dont really have to tell anyone anything.
Police - Never cooperate with the cops. They will try to use alot of methods to get you to talk but dont its the only right thing to do. The best thing you can do is lie have a already made up story and persona or something similar.
Fingerprints - Whenever using your laptop, picking up baggies, phone make sure you wear some gloves that dont leak your fingerprints. If police comes into possession of something like this they can easily catch you.
Location - Never send your packages/pick up them from the same location. It can track back to you easily. The same goes for coffee shops you use DN inside of for example, make sure to cycle your presence in different places.
OpSec Fails and Improvement
Laziness - Biggest OpSec fail is being lazy. Every time you are lazy to turn on your pc and use safety to enter the DN remind yourself that's it better to waste 5 minutes than spend years in a prison. Not saying that this is what's going to happened but it may not happened 1st, 2nd time but the 3rd one might be the one.
How they got caught - Read about how people got caught on the DN(DARKNET), you can learn a lot from that.
If you feel like you need to add something, up write it down in the replies!
I won't be going into details that much because this guide is not for beginners really and i expect that you already have some knowledge.
The guide will be separated in multiple parts:
Rules (Rules regarding OpSec and its purpose.)
Software (System hardening, Applications, Security...)
Hardware (What to do with certain devices.)
Real life (What not to talk about, how to handle certain situations.)
OpSec fails and improvement (What should you avoid and how to make your OpSec be always fresh and good.)
Rules
- The most important rule of this guide and the reason why are we all here, it's not getting caught, there is feds on every corner, and they also might not be the biggest problem since there are also people that want you locked up for certain things you do. So we need to make ourselve's as anonymous as we can.
-Not leaving traces is one of the most important rules regarding OpSec because the smallest mistake can get you fucked up. There is a bunch of examples like a drug dealer that got caught by the police because his hand was shown in pictures of him holding drugs and they copied his fingerprints from the pictures, and it was show that it matched someone, and they raided him and found illegal goods.
-Do not trust anyone online. You do not know who are you talking to, what is their intention on talking to you.
-Do not trust applications/services you use. You can't really trust your VPN since you don't know for a fact that they don't store logs, snitch to the cops, collect your data... This also applies for everything else.
Software
Operating System - as host os i would only recommend Quebes OS and nothing else, it will take you time getting used to it. It is important to use different disposable vm's for different types of things for example: one for e-mail, second one for PGP, third one for browsing... Also it requires a good PC/laptop. Quebes is already hardened enough so it doesnt need any additional work on it. Now for using the DN i would only go with Whonix OS on a VM. On your Whonix OS you will only have the TOR browser and you wont use Whonix for anything else but TOR. You can also harden Whonix OS gateway & workstation additionaly, check these resources out:
https://www.whonix.org/wiki/System_Hardening_Checklist
https://www.kicksecure.com/wiki/Linux_Ke...Guard_LKRG
https://www.kicksecure.com/wiki/Operatin..._Hardening
Applications - When it comes to applications i recommend that you dont have anything you dont need on your machine especially if its not an official application. You should avoid applications that collect your data like game launchers, Microsoft software... Keep it as minimal as possible. When downloading applications try to make it without any traces back to you. Here are some applications i would reccomend and what are they used for:
Mulvad VPN is the best vpn on the market and they dont keep any logs of Ip's. You should only pay with XMR for your monero account and when using it never use the same servers twice in a short time of period always cycle them every session, but never connect to VPN -> TOR but only TOR -> VPN.
VeraCrypt is a great encryption tool for fulldisk encryption, usb encryption or making secret encrypted folders. Always use diffrent passwords for your volumes.
Kleopatra - PGP encryption.
BleachBit is a great tool for clearing logs from your pc and applications you used, i clean my pc with bleachbit every month.
Logins - People make lots of mistakes when it comes to making and using their accounts and how they use them and what for. You should NEVER make accounts that require any type of KYC with your personal info, it should always be something that doesnt tie with your real identity. Always use diffrent usernames and passwords and if you can dont use emails and phone numbers.
Wallets - Always use monero, MoneroGUIwallet is good but dont keep it on your pc somewhere but use it on a encrypted usb. If you need to use Bitcoin use it on whonix on a electrum wallet that comes with Whonix and sell it then for monero on some non kyc exchange.
Browser - On your host os you should only use TOR with no JS, noScript extension and block all requests for accessing your camera, microphone, location...
DNS - I suggest using Quad9 dns domain.
MAC & PC NAME - Randomize your mac address and pc name on every boot so its not easy to track back to you.
Email - I suggest you use selfhosted domains that you run on your own server but not everyone can do that, at that moment i would only suggest disroot or cock.li. Before there used to be so much more good encrypted emails but they've shutdown because of problems with police, death threats, bankruptcy...
Internet connection - Its the best if you could use internet connection from a caffe or something similar and make sure there is no CCTV filming you operating on the DN or similar. If there is too much risk on using internet from a caffe then use your own one and you will most likely be fine just dont make yourself a mindset like what can happened if i only once enter DN with no protection, a lot of people got caught that way.
Do not use Fullscreen on your browser, your time zone on your pc, your keyboard language layout.
Check this guide out for online anonymity it covers everything you need to know - https://anonymousplanet.org/guide.html
Phone - Most of us use phones and they are the biggest spyware ever, they know everything about us. Thats why we should buy a pixel phone and install graphene OS on it. Graphene OS ofc is not perfect and we need to do a little bit more safety precautions when using it. Changing your IMEI is crucial because it can tie to your location. Randomizing our MAC address every time we use internet. Put your phone into Airplane mode when not in use. Disable 2g & 5g. Never insert a SIM card. Connect to a Quad9 DNS. For a burner phone get a brick phone without a camera and access to internet and Bluetooth and insert a prepaid sim card in it and use it only when in need to.
Hardware
Laptop - When you buy a new laptop it is the best to manually yourself cut microphone and camera wires. You should have 2 laptops, one for your daily use and one for DN.
USB - Encrypt all your usb's you have, its also a good thing to have lots of encrypted usb's because LE will waste much time decrypting every single one of them if you OfCourse do not reuse passwords.
Phone - For burner phones do the same thing like with laptops, remove chips for microphone and camera. If you need to use the microphone just insert some handphones.
Real life
Dont talk too much - The worst thing you can do is talk too much and snitch on yourself unintentionally. Ways you can avoid this is not brag and dont mention DN. If someone asks you what do you do for a living make shit up you dont really have to tell anyone anything.
Police - Never cooperate with the cops. They will try to use alot of methods to get you to talk but dont its the only right thing to do. The best thing you can do is lie have a already made up story and persona or something similar.
Fingerprints - Whenever using your laptop, picking up baggies, phone make sure you wear some gloves that dont leak your fingerprints. If police comes into possession of something like this they can easily catch you.
Location - Never send your packages/pick up them from the same location. It can track back to you easily. The same goes for coffee shops you use DN inside of for example, make sure to cycle your presence in different places.
OpSec Fails and Improvement
Laziness - Biggest OpSec fail is being lazy. Every time you are lazy to turn on your pc and use safety to enter the DN remind yourself that's it better to waste 5 minutes than spend years in a prison. Not saying that this is what's going to happened but it may not happened 1st, 2nd time but the 3rd one might be the one.
How they got caught - Read about how people got caught on the DN(DARKNET), you can learn a lot from that.
If you feel like you need to add something, up write it down in the replies!
